fsxdemo.exe

Microsoft Corporation

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from www.indir.com and multiple other hosts.

Publisher:
Microsoft Corporation  (signed and verified)

MD5:
3a91b563c4eb5e9c0a809c0a1fde1bc3

SHA-1:
cbb13d2a7918f409f224eab7d3a2014330fc87bc

SHA-256:
0d616d8fb6315c15e9919a29968f98b1feda14a2a284721dad114395154e58be

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/23/2024 2:25:17 AM UTC  (today)

File size:
798.3 MB (837,056,344 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\downloads\fsxdemo.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
4/4/2006 12:43:46 PM

Valid to:
10/4/2007 12:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
1/9/2001 6:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
25165824:saftlDkwfgI21rhw05LmT3gJ3p2Js8tQWG/u+IgUj8dy:x1lDpgI2rhw0LJ3p2Js8PKu+IgUj8dy

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...

Entropy:
7.9867

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)

The file fsxdemo.exe has been seen being distributed by the following 29 URLs.
